from the publicly-posted-information,-searchable-by-the-public dept

Intelligence gathering on intelligence gatherers. Watching the watchers. Whatever you want to call it, Transparency Toolkit is doing it. It has gathered 27,000 publicly-posted resumes from members of the "intelligence community" and turned them into a searchable database.

The database -- ICWatch -- was put together using software specifically constructed by Transparency Watch (and posted at Github). Not only can the database be searched through TW's front end, but the data is also available in raw form for data-mining purposes.

"These resumes include many details about the names and functions of secret surveillance programs, including previously unknown secret codewords," Transparency Toolkit said.

"We are releasing these resumes in searchable form with the hopes that people can use them to better understand mass surveillance programs and research trends in the intelligence community."

What Transparency Watch has done is simplified a task anyone could have performed prior to the compilation of the ICWatch database. In fact, nearly two years ago, the ACLU's Chris Soghoian pointed out that public LinkedIn profiles were coughing up classified program names posted by intelligence community members in their listed skills and work history.

This is all Transparency Watch has done -- only in aggregate and accessible to those without a LinkedIn account.

The data was collected from LinkedIn public profiles using search terms like known codewords, intelligence agencies and departments, intelligence contractors, and industry terms, the group said.

What Soghoian noted back in 2013 remains true. Searches for known NSA programs frequently bring up other program names, all posted publicly by employees and contractors with an apparent disregard for the agency's "everything is a secret" policies.

Some may argue that this algorithmic collection of resumes and LinkedIn profiles may be dragging some people under the "intelligence community" umbrella that shouldn't really be there. That's likely true, but this is one of those inescapable outcomes of dragnet operations. They may also argue that turning over this information to the public may cause some of those listed to be subjected to harassment or put them in danger. Also, this may unfortunately be true as well.

But there's a simple solution, albeit one that can't be applied retroactively.

As the government so frequently points out to us, publicly-posted information carries no expectation of privacy. The same goes for government employees and government contractors in sensitive positions who choose to disclose information about their skills and employment publicly. If any danger to these people exists, it has always existed. ICWatch may make the job simpler, but it's done nothing any person can't do on their own, using simple search tools.

from the it-can-be-taught dept

About a year ago, the DHS -- seemingly completely oblivious to the fact that domestic surveillance programs were being collectively frowned upon in the wake of the Snowden leaks -- began soliciting quotes on a nationwide license plate reader database. Within a week, DHS head Jeh Johnson had shut down the plan, claiming the rogue solicitation had somehow escaped into the wild without a proper official approval and had nothing to do with the backlash it had generated upon discovery.

Not that the disappearance of this solicitation changed anything. The DHS (and ICE) already have access to the many ALPR databases maintained by a variety of private companies. All this would have done was provide the DHS with estimates on subscription fees and perhaps some help on developing a DHS/ICE-specific front end for access.

Immigration and Customs Enforcement (ICE) intends to issue a solicitation to obtain query-based access to a commercially available License Plate Reader (LPR) database.

ICE seems far more interested than usual in alleviating any concerns that this will be yet another domestic surveillance program.

ICE is neither seeking to build nor contribute to a national public or private LPR database. ICE will use LPR information obtained in response to queries of the commercial database to further its immigration enforcement missions. ICE law enforcement personnel will query the LPR database using known license plate numbers associated with the aliens who are immigration enforcement priorities, based on investigative leads, to determine where and when the vehicle has travelled within a specified period of time. The results of the queries can assist in identifying the location of aliens who are immigration enforcement priorities, to include aliens with certain criminal convictions, absconders, illegal re-entrants and those that pose a public safety or national security risk.

Rather than build new databases and grant open access to ICE agents, the agency is only looking to search known plate numbers. While this end will remain targeted, it doesn't do anything limit the collection efforts. Vigilant -- the largest ALPR provider -- claims to be adding more nearly 100 million plate/location records every month. The only thing "limited" about this plan is DHS's access. And even that may not be as limited as the previous paragraph implies.

ICE will also use LPR information obtained from the commercial database to further its criminal law enforcement mission, which includes investigations related to national security, illegal arms exports, financial crimes, commercial fraud, human trafficking, narcotics smuggling, child pornography, and immigration fraud.

So, it's not just immigration and customs enforcement. It's pretty much everything the ICE thinks it should have an active part in.

To its credit, it has at least compiled a Privacy Impact Assessmentahead of its ALPR database plans, rather than allow this to trail implementation by months or years. But within this assessment are hints that ICE's access won't be quite as limited as its earlier statement implies. For one, ICE already operates its own LPR cameras, so it won't solely be making use of preexisting data. It also has no controls in place to limit access when working with outside law enforcement agencies and using their access to LPR databases.

There are indications that the DHS and ICE are attempting to keep this access from being exploited or abused. The assessment notes that agents will be informed (and reminded) that a license plate "hit' cannot be the "sole basis" for law enforcement action. But the limits it's imposing on itself are still a bit too flexible. Plate info will only be allowed to be accessed for a "limited" amount of time, but that "limited" time frame is partly tied to the statute of limitations for the underlying crime. In most cases, the assessment notes, ICE agents will be able to access five years of historical plate/location data -- which it notes is approximately the average amount of time a person owns a particular vehicle.

The assessment also notes that the "Alert List" must be frequently updated to remove plates tied to closed investigations or when a person [but a license plate isn't a person?] is no longer a suspect. While some agents will be more proactive than others, the assessment only suggests an update be performed "at least annually."

The better news is that the DHS and ICE are making moves towards greater transparency, as well as demanding the winning vendor provide "robust audit trails" on any agency database use. Of course, a "robust audit trail" is only as good as the consequences for misuse, and the government in general has never been big on meaningful enforcement of its internal policies. Unfortunately, that's really the only thing preventing this targeted access from becoming the "unwarranted surveillance" the agency's Privacy Impact Assessment claims it's trying to avoid.

That being said, getting out ahead of the program with an impact assessment is almost unheard of in the law enforcement/intelligence field, so the DHS deserves some credit for realizing its past effort in this area was badly mishandled.

Police forces in England and Wales have uploaded up to 18 million "mugshots" to a facial recognition database -- despite a court ruling it could be unlawful.

They include photos of people never charged, or others cleared of an offence, and were uploaded without Home Office approval, [the BBC's] Newsnight has learned.

As BBC News notes, the photos of innocent people have been retained in contempt of an explicit order from the court to remove them:

It comes despite a ruling in 2012, when two people went to the High Court to force the Metropolitan Police to delete their photos from databases.

The judge warned forces should revise their policies in "months, not years".

Also worrying is this belief in the database's infallibility:

Andy Ramsay, identification manager at Leicestershire Police, told Newsnight the force now had a database with 100,000 custody photos.

He said searches of the database using facial recognition were 100% reliable in cases where there were clear images, and could be completed in seconds.

No non-trivial matching system is "100% reliable": there are always false positives that make detection of criminals harder, not easier. There is a danger that the UK police will start using this supposed infallibility as an argument in itself: since our system never makes mistakes, if it says you are guilty, you must be guilty. And there is another important issue, articulated here by David Davis, a former Conservative minister:

"It's quite understandable, police always want more powers, but I'm afraid the courts and parliament say there are limits," he said.

"You cannot treat innocent people the same way you treat guilty people."

What's worrying is that UK police forces don't seem to care what the courts say, as they strive to create their video surveillance database that does indeed treat everyone in exactly the same way: as potential criminals until the "100% reliable" system turns them into recognized criminals.

from the THE-DATABASE-IS-MADE-OF-PEOPLE! dept

Every day in the US, millions of license plate photos are scanned and stored in various third-party databases, accessible by hundreds of law enforcement agencies, including those at the federal level. Privacy concerns have been raised by groups like the EFF and ACLU, but these have been brushed off with two assertions:

The first point can't really be argued. Your expectation of privacy pretty much ends when you start traveling on public streets. But the massive number of plate photos scanned and stored still creates privacy concerns. Most of the photos stored in law enforcement databases have nothing to do with ongoing investigations, and long-term storage of irrelevant plate/location data allows law enforcement to "track" anyone it wants to. Further concerns arise when agencies troll events like political rallies to add plates to their databases. It may not be a privacy violation, but it does raise questions about surveillance of First Amendment-protected activities.

In addition to tracking license plates, the federal government has been taking and sharing photos of drivers and passengers inside the cars, documents obtained by the American Civil Liberties Union show.

License plate readers (LPRs) are designed to provide “the requester” with images of license plate vehicle numbers, in addition to “photos of visible vehicle occupants,” one of the newly released documents reads.

Another document obtained by the ACLU reveals the cameras have the ability to “store up to 10 photos per vehicle transaction including 4 occupant photos.”

The reality of the situation doesn't mesh with law enforcement's statements. And with ALPR manufacturers like Vigilant Solutions hoping to add facial recognition technology to their products, law enforcement agencies will soon have access to millions of individuals' photos, a large majority of which aren't currently under investigation.

The DEA's database alone holds at least 343 million LPR photos. Other law enforcement agencies are adding millions of shots to these shared databases daily. While the expectation of privacy is lowered in public settings, the millions of photos amassed turn these databases into long-term tracking devices. Surveillance of this scope used to be limited by personnel availability. Now, it's as easy as leaving camera running for the entire shift -- day after day after day. This low-effort process builds easy-to-use "maps" of citizens' movements -- where they work, where they live, which businesses they frequent, where they spend their "off" hours, which doctors they use, etc. And it's all at the fingertips of federal, state and local law enforcement agencies.

No law enforcement agencies are willing to talk about the implications of storing millions of "non-hit" photos. Los Angeles law enforcement officials went so far as to claim all captured photos were "relevant" to investigations. What little has been uncovered has been the results of tenacious FOIA requesters or open records lawsuits. The efforts being made to keep this information out of the public eye has very little to do with "protecting law enforcement methods" and everything to do with minimizing the amount of scrutiny or criticism these agencies face.

With the steady improvement of facial recognition technology, law enforcement agencies will soon know not only where your vehicle's been, but who was in it. The push back against this technology isn't so much about preventing its use, but preventing its abuse. Storing records unrelated to criminal activity for years is nothing more than stockpiling of data for its own sake -- nearly completely divorced from the actual business of enforcing laws.

from the and-all-it-took-was-an-outside-investigation dept

There's not much information symmetry when it comes to the public and their public servants. The public is routinely required to turn over all sorts of personal information, but their governments are rarely willing to return the favor. In particular, police departments tend to be very tight-lipped when it comes to details of officer misconduct or abuse. Most departments are more than willing to provide in-depth crime stats detailing wrongdoing by citizens, but when asked to turn the magnifying glass on themselves, the details provided are, at best, questionable.

We'll almost always know when police officers are shot at, but without issuing a deluge of FOIA requests, we'll never really know how often police officers shot at citizens. Nearly every police website contains a link to a memorial page dedicated to officers killed in the line of duty, but it takes crowdsourced, completely independent efforts to put together statistics on citizens killed by police officers.

The US Attorney's office is supposed to be gathering statistics on excessive force but, for the most part, it has completely washed its hands of this duty. It has allowed a mandatory requirement to become completely voluntary, with law enforcement agencies who do bother to participate providing incomplete and questionable statistics.

Baltimore officials will begin this month posting the outcomes of all civil lawsuits alleging police brutality and will reconsider their policy of requiring plaintiffs to keep silent after settlements are reached…

City Solicitor George Nilson, who enacted the new policy regarding police settlements and court judgments, said officials also would seek to provide increased training for officers who are most often cited in lawsuits.

This new openness appears to have been prompted by the Baltimore Sun's investigation of the city's police force.

Nilson said the moves were made in response to The Sun investigation, which showed the city has paid about $5.7 million since 2011 over lawsuits alleging police brutality and other misconduct.

While this is a good move on the city's part, the fact that it took an outside investigation to force this openness is still somewhat disheartening. That the city seemed unaware of how much it was spending to settle police-related lawsuits is disheartening as well. This doesn't say much for the city's financial oversight. Nor does it say much for police oversight, as the report notes that the PD's internal tracking of officers accused of misconduct and abuse is just as lax. Apparently, no one in either group had any idea how much was being spent or how many repeat offenders were involved until the Baltimore Sun pointed it out.

This new database, which will be publicly accessible, adds more transparency to the police department and the city itself.

And there's even more transparency on the way. The city council gave preliminary approval for outfitting police officers with body cameras. Baltimore's mayor, however, (Stephanie Rawlings-Blake) is fighting this bill, claiming it's "illegal" -- something that seems at odds with her general push for transparency elsewhere. On the bright side, she has approved the expansion of the PD's Internal Affairs division and given the police commissioner more power to "punish rogue officers." How this will actually play out remains to be seen (expanding power within police departments usually results in more efficient wagon-circling, rather than greater accountability), but these are all moves in the right direction.

Baltimore's move towards better police accountability is one more cities should emulate. And they should do it proactively, rather than waiting for the local media to force the issue. If police departments want to foster better relationships with the public, they need to be more willing to share the details on what they've done wrong. Knowing that every abuse of power may make its way into the public eye is a useful deterrent. And if the public knows who the repeat offenders are, those on the inside can no longer claim ignorance -- which leads to better accountability.

Neustar's lobbying effort to stop a key federal number-portability contract from slipping away to Ericsson's Telcordia unit took another turn via a report sent to the FCC from Michael Chertoff, a former secretary of homeland security. The report, from Chertoff's security consulting firm, the Chertoff Group, concluded that the bidding terms for the contract related to national security were "insufficient in both scope and specificity when compared with widely accepted national and international standards."

While the long report goes into detail about certain potential security deficiencies, the real issue is the fact that putting this information in the hands of a foreign company might move it slightly more out of reach of law enforcement and national security agencies.

The FBI and other law-enforcement agencies said that although they had "no position" on which firm should get the contract, they wanted to air their concerns, especially that there would be no disruption in access to call-routing data "in real time or near real time."

"Law enforcement cannot afford to have a lapse in this vital service," the agencies told the FCC in a letter.

Neustar, one of the "trusted third parties" the government relies on to collect and deliver data from telcos as requested by subpoenas, warrants or even FISA court orders, is lobbying hard to maintain control of its local-number portability administrator (LNPA) position. Losing this contract would do some serious damage to the company.

The LNPA contract accounted for 60 percent, 50 percent and 49 percent of Neustar's revenue in 2011, 2012 and 2013, respectively, according to an annual filing at the Securities and Exchange Commission. Neustar has held the contract since 1997.

Since it can't afford to lose this contract, it can't afford to keep its lobbying efforts hidden.

Neustar did not say how much it paid Chertoff to write the report, indicating only that it was a "modest sum," according to the New York Times.

The Chertoff report does point out some security issues, it's really just stumping for the home team. It's not so much about hackers or foreign entities gaining access as it is about a host of government agencies losing access. Chertoff is closely tied to national security agencies, none of which would welcome any new speed bumps being placed between them and a cellphone database they access over 4 million times a year.

Telcordia, the "foreign" company that may end up with the contract, is already promising big savings and uninterrupted law enforcement access. It's also playing up the USA! USA! angle in hopes of gaining control of the database.

Telcordia has said the software code used for the system will be entirely domestic. "We are not using any of the code used and deployed in foreign installations at all, zero," Iconectiv CTO Chris Drake told the Post last month.

No dirty foreign code here. Just ones and zeroes from good, honest Americans like yourselves. Unconfirmed reports allege this statement was delivered by Drake while wearing a cowboy hat, against a backdrop of American flags.

The NSA (and other agencies) love "domestic" code. It makes for the best backdoors. Telcordia's statements appear to address any law enforcement concerns about accessibility, as well as the security implications raised by Chertoff's impa$$ioned plea on behalf of Neustar. No hurdles here. Just more business as usual.

from the i-know-what-you-did-last-summer dept

You may not have known this in all the fallout from the ongoing revelations about our intelligence services spying on our daily activities, but it turns out that keeping tabs on ordinary citizens isn't just for the alphabet agencies. Good, old fashioned, local police departments can do it, too. And apparently some do, based on this ACLU legal filing against one local sheriff in Oklahoma, who took part in building and using an extensive database on citizens' activities that was likely illegal and was never shared with prosecutors or defense attorneys.

The ACLU in Oklahoma sued Logan County Sheriff Jim Bauman in Logan County Court on Sept. 11, seeking records from the "Black Asphalt" database. Logan County is just north of Oklahoma City. Its seat is Guthrie. The system was created by Joe David, the founder of Guthrie-based Desert Snow LLC, the ACLU says.

In a statement announcing the lawsuit, the ACLU claims it discovered Black Asphalt during an investigation of Desert Snow employees impersonating police officers in Caddo County in 2013, "as part of a scheme with the local district attorney to make traffic stops, seize cash and property from citizens, and funnel it into local coffers in exchange for a percentage of the profits."

Now, schemes for bilking citizens of their property by local police to fill the public coffers are nothing new, but the use of an extensive database system built by a private company to track civilians certainly is. The key part in all this is that the officers that used the system to compare civilian activities and notes on investigations never disclosed any of this to prosecutors, defense attorneys, or the courts. In case you're wondering, yes that's an insane work-around of due process. The more terrifying part is that this whole thing isn't limited to one Oklahoma county.

"On information and belief, the Black Asphalt system, since its inception, has had up to 25,000 members throughout the United States and Canada." The information posted on Black Asphalt "routinely lead to the detention, arrest or prosecution" of its members, the ACLU says in the lawsuit. It says it "received no response of any kind" to its February request for disclosure and inspection of records.

In fact, the ACLU made an in-person request for disclosure of the database at Sherrif Bauman's office, which was also denied. Oklahoma, mind you, has a relatively aggressive legal platform by which these requests are supposed to be honored, called the Open Records Act. It is under that law that the ACLU is seeking disclosure.

If you're a private citizen wondering if your local LEOs are keeping an undue eye on you, you should be rooting for the ACLU to win. If you aren't wondering about that, you probably should be.

Over the past 20 years, authorities have made more than a quarter of a billion arrests, the Federal Bureau of Investigation estimates. As a result, the FBI currently has 77.7 million individuals on file in its master criminal database—or nearly one out of every three American adults.

Between 10,000 and 12,000 new names are added each day.

This master database is accessed by thousands of employers running pre-hire background checks, as well as by banks and landlords. One moment of stupidity, even if it never results in time served, could derail someone's life. Arrests are damaging, even if it's ultimately determined that no criminal activity occurred. How many thousands of people are being turned down for loans or rejected by landlords simply because a cop made up BS charges to arrest a photographer or deployed handcuffs instead of responsible crowd control?

When Precious Daniels learned that the Census Bureau was looking for temporary workers, she thought she would make an ideal candidate. The lifelong Detroit resident and veteran health-care worker knew the people in the community. She had studied psychology at a local college.

Days after she applied for the job in 2010, she received a letter indicating a routine background check had turned up a red flag.

In November of 2009, Ms. Daniels had participated in a protest against Blue Cross Blue Shield of Michigan as the health-care law was being debated. Arrested with others for disorderly conduct, she was released on $50 bail and the misdemeanor charge was subsequently dropped. Ms. Daniels didn't anticipate any further problems.

But her job application brought the matter back to life. For the application to proceed, the Census bureau informed her she would need to submit fingerprints and gave her 30 days to obtain court documents proving her case had been resolved without a conviction...

She didn't get the job.

This is one case out of thousands. Exacerbating law enforcement's enthusiasm for making meaningless arrests is the fact that no one involved in maintaining the criminal database is interested in making sure it only contains convicted criminals. Documentation of arrests aren't removed when charges are dismissed and information on cleared individuals is seldom forwarded to the FBI by local PDs.

And it's not as though false arrests are the exception to the rule. According to research done by the University of South Carolina, it's more of a coin toss -- 47% of respondents who were arrested were never convicted and 25% were never even charged.

This callous disregard for the falsely arrested places the burden on those harmed by law enforcement's wrongful actions to clear their names, which in our criminal justice system is an entirely uphill battle.

In October 2012, Jose Gabriel Hernandez was finishing up dinner at home when officers came to arrest him for sexually assaulting two young girls.

Turns out, it was a case of mistaken identity. In court documents, the prosecutor's office acknowledged that the "wrong Jose Hernandez" had been arrested and the charges were dropped.

Once the case was dismissed, Mr. Hernandez assumed authorities would set the record straight. Instead, he learned that the burden was on him to clear his record and that he would need a lawyer to seek a formal expungement.

"Needless to say, that hasn't happened yet," says Mr. Hernandez, who works as a contractor. Mr. Hernandez was held in the Bexar County jail on $150,000 bond. He didn't have the cash, so his wife borrowed money to pay a bail bondsman the nonrefundable sum of $22,500, or the 15% fee, he needed to put up. They are still repaying the loans.

Notably, there are no corresponding negative results for police who arrest the wrong person. It's always an "honest mistake" even when nearly half of their arrests never result in convictions. It's the citizens who need to spend their time and money (which, given the economic background of those most likely to be arrested, are generally commodities in short supply) trying to convince potential employers, landlords and banks that they're not actually criminals.

The difference a false arrest can make in one person's life is devastating. According to the Wall Street Journal, someone with an arrest on their record is only half as likely to own a house and twice as likely to be below the poverty line by age 25.

Ballooning law enforcement budgets have combined with bad ideas like zero tolerance policies and "broken windows" policing to turn arrests into a near inevitability, especially for citizens who aren't white… or document police activity… or engage in First Amendment-protected speech. There's no path guaranteed to keep your record from being blighted by a trumped-up charge or an arrest that leads nowhere. To those who control your future -- employers, landlords, banks, college admission offices -- it all looks the same when the background report comes in. The FBI is barely interested in ensuring its criminal database only houses data on criminals and local law enforcement agencies seem to be totally disinterested in clearing those wrongfully charged. Once again, the public is expected to do the legwork if it ever hopes to climb higher than the lowest rung in our nation -- guilty even if proven innocent.

According to the Prairie Village Post, earlier this month lawyer Mark Molner was driving through a Kansas City suburb on his way home from his wife’s sonogram. All of a sudden, his BMW was blocked in front by a police car as another officer on a motorcycle pulled up behind him. (His pregnant wife witnessed the incident from a nearby parked car.)

According to what Molner told the Post, one of the officers then approached his car with his gun out.

“He did not point it at me, but it was definitely out of the holster,” Molner told the Post. “I am guessing that he saw the shock and horror on my face, and realized that I was unlikely to make (more of) a scene.”

The mistake prompting this guns-drawn approach of Molner's video could have been made by anybody. The ALPR read a "7" as a "2" and returned a hit for a stolen vehicle. The hit also returned info for a stolen Oldsmobile, which clearly wasn't what Molner was driving. But that could mean the plates were on the wrong vehicle, which is also an indication of Something Not Quite Right.

The PD's statement on the incident is fairly sensible and measured.

“The officer has discretion on whether or not to unholster his weapon depending on the severity of the crime. In this case he did not point it at the driver, rather kept it down to his side because he thought the vehicle could possibly be stolen. If he was 100 percent sure it was stolen, then he would have conducted a felony car stop which means both officers would have been pointing guns at him while they gave him commands to exit the vehicle.”

That makes sense, but there's still a chance this situation could have been averted. Molner's plate triggered the hit several miles before he was pulled over as pursuing police were unable to verify the plate due to traffic density. But it appears the officers made a last-minute decision to perform the unverified stop shortly before Molner would have driven out of the PD's jurisdiction. The stop occurred on the city/state boundary between Kansas and Missouri.

This lack of verification is what bothers Molner.

“I’m armchair quarterbacking the police, which is not a good position to be in,” Molner told the Post. “But before you unholster your gun, you might want to confirm that you’ve got the people you’re looking for.”

So, when the plate reader kicked back a bad hit, the cops did attempt to verify the plate, but it looks very much like they overrode procedural safeguards in order to prevent possibly losing a collar.

As these plate readers become more common, the number of erroneous readings will increase. If the verification safeguards are followed, problems will be minimal. But if anyone's in a hurry... or the vehicle description is too vague... or it's night... or someone's had a bad/slow day... or if the end of the month is approaching and the definitely-not-a-quota hasn't been met… bad things will happen to good people.

Placing too much faith in an automated system can have terrible consequences. Molner came out of this without extra holes, electricity or bruises. Others may not be so lucky.

from the horrible-'setback'-puts-the-DHS-right-back-in-its-original-position dept

As we recently covered, the DHS and ICE asked for bids for a nationwide license plate database before killing off the plan a few days later, apparently realizing more massive government surveillance wasn't exactly what Americans were looking for at this point in time.

[C]ontrary to widespread understanding, DHS’ solicitation for bids had nothing to do with asking a contractor to build a nationwide license plate tracking database. Such a database already exists. The solicitation was more than likely merely a procedural necessity towards the goal of obtaining large numbers of agency subscriptions to said database, so that ICE agents across the country could dip into it at will, as many have been doing for years already. There was never a plan to "build" a plate database. A database almost exactly like the one DHS describes is a current fact. It is operated by a private corporation called Vigilant Solutions, contains nearly two billion records of our movements, and grows by nearly 100 million records per month.

So, instead of being a "win" for privacy-minded Americans, it's not even a tie. The government already has access to collected plate records. It was just looking to expand its existing access. Plate readers, some operated by federal government agencies like the CBP, are adding millions of records a day, and these records are loosely governed by a patchwork of state and local statutes, most of which allow for the retention of "non-hit" data for periods as long as five years.

As I pointed out in my post detailing the cancellation of the bid solicitation, nothing much changes for ICE. It, like many, many, many, OH MY GOD THERE'S SO MANY other law enforcement agencies (click on that pulldown menu and get ready for a whole lot of scrolling), already has warrantless access to a variety of license plate databases. And, as I noted when the news of the bid solicitation first hit, Vigilant seemed to be vying for the top spot, having recently sent out a press release touting its ALPRs' effectiveness in fighting crime, as well as filing a lawsuit against the state of Utah for violating its First Amendment rights by preventing it from setting up shop.

The department doesn’t intend to build its own license plate reader database, and it isn’t asking corporations to build one. Instead, it is seeking bids from private companies that already maintain national license plate reader databases. And because it’s the only company in the country that offers precisely the kind of services that DHS wants, there’s about a 99.9 percent chance that this contract will be awarded to Vigilant Solutions. (Mark my words.)

According to documents obtained by the ACLU, ICE agents and other branches of DHS have already been tapping into Vigilant’s data sets for years. So why did the agency decide to go public with this solicitation now? Your guess is as good as mine, but it may simply be a formality so that the agency can pretend as if there was actually robust competition in the bidding process.

So, apparently all that's really been achieved is the removal of the bidding process from the public eye. Vigilant may already be in the process of hooking ICE up to the ALPR database mainline and everyone involved is now just waiting for the furor over massive domestic surveillance to die down. The privacy concerns are even less likely to be addressed now that the process has been pushed out of the sunlight. As a private company, Vigilant has the luxury of ignoring constitutional issues, leaving that up to its customers to sort out. All it wants to do is be the top company in the ALPR business. Everything else is someone else's problem.

The bottom line is: nothing was avoided or prevented here. It was a momentary setback for ICE itself, but the government (including entities on state and local levels) already has millions of license plate records to sift through, with millions more being generated every single day.